Upload
phungquynh
View
219
Download
0
Embed Size (px)
Citation preview
University of Illinois at Urbana-Champaign 0
Detecting GPS Spoofing via a Multi-Receiver
Hybrid Communication Network for Power Grids
Tara Mina, Sriramya Bhamidipati, and Grace Xingxin Gao
University of Illinois at Urbana-Champaign
1
Use of Synchronized Data in Power Grid
• Power grid state monitored by Phasor Measurement Units (PMUs)
− Use civilian GPS for synchronization – vulnerable to spoofing
• Significant timing inaccuracies can induce generator trip [1]
• Potential cascading failure, similar to Northeastern Blackout 2003 [2]
1
[1] Shepard, et al, GPS World, 2012
[2] NERC Technical Analysis, 2004
[3] Kudeshia, et al, IEEE VTC, 2017 [3]
University of Illinois at Urbana-Champaign
2
Prior Work and Main Challenges
• Presence of encrypted military P(Y) code for authentication [4-5]
• Shown handful of receivers (2-8) can be authenticated [6]
• Utilized centralized framework approach [7]
• Must extend to entire widespread network of PMUs
2
[4] Lo, et al, Inside GPS, 2009
[5] Psiaki, et al, IEEE TAES, 2013
[6] Heng, Work & Gao, IEEE ITS, 2015
[7] Bhamidipati, Mina & Gao, ION PLANS, 2018
[8] Hazra, et al, IEEE PES ISGT, 2014[8]
University of Illinois at Urbana-Champaign
3
Key Objectives
• Develop spoofing detection architecture for coordinated
authentication of all PMUs, with existing resources
• Provide defense against coordinated spoofing attacks
• Demonstrate successful operation of algorithm during
government-sponsored, real-world spoofing scenario
3
University of Illinois at Urbana-Champaign
4
Outline
• Hybrid Network Architecture Framework
• Spoofing Detection Algorithm
− Computing Preliminary Spoofing Statistic
− Generating Regionally Representative Snippets
− Determining Final Spoofing Decision
• Experimental Setup and Results
• Summary
4
University of Illinois at Urbana-Champaign
5
NASPInet Communication Structure
• North American
Synchrophasor
Initiative network
(NASPInet) [9]
• Regional utility
networks connected
via Data Bus
• Resources
prioritized in regional
sub-networks
6
[9] Hu, Yi, NASPInet Technical Specifications, U.S. DOE, 2009
University of Illinois at Urbana-Champaign
6
Hierarchical Architecture Network
• Utilize communication to compare received GPS signals
• Proposed hybrid architecture network will overlay NASPInet
7
University of Illinois at Urbana-Champaign
8
Outline
• Hybrid Network Architecture Framework
• Spoofing Detection Algorithm
− Computing Preliminary Spoofing Statistic
− Generating Regionally Representative Snippets
− Determining Final Spoofing Decision
• Experimental Setup and Results
• Summary
9
University of Illinois at Urbana-Champaign
11
Outline
• Hybrid Network Architecture Framework
• Spoofing Detection Algorithm
− Computing Preliminary Spoofing Statistic
− Generating Regionally Representative Snippets
− Determining Final Spoofing Decision
• Experimental Setup and Results
• Summary
12
University of Illinois at Urbana-Champaign
12
Experimental Setup
Recorded GPS signal during live-sky spoofing event
13
Sample rate: 2.5 𝑀𝐻𝑧
Snippet length: 500 𝑚𝑠
Post-process: PyGNSS [10]
Spoofing Data
Collection Setup
Rooftop
Antenna
Setup
[10] Wycoff & Gao, GPS World, 2015
University of Illinois at Urbana-Champaign
13
Typical Correlation Plots Observed
14
Typical correlation: single peak above noise floor
University of Illinois at Urbana-Champaign
14
Authentication despite Noisy Correlation
15
Can utilize knowledge of tracking accuracy to pick peak through noise
University of Illinois at Urbana-Champaign
15
Verifying Spoofing despite Noisy Correlation
16
Using tracking accuracy avoids choosing noisy result during spoofing
University of Illinois at Urbana-Champaign
16
Preliminary Threshold Determination
17
Threshold chosen to maximize authentic / spoofed conditional probabilities
Generalized Gamma Distribution pdf:
Authentic:
𝛼 = 27.2𝑐 = 0.517𝛽 = 1.82𝑙 = 486
Spoofed:
𝛼 = 11.3𝑐 = 0.370𝛽 = 0.346𝑙 = 0
𝑓 𝑥, 𝛼, 𝑐, 𝛽, 𝑙 =𝑐 𝑦𝑐𝛼−1exp(−𝑦𝑐)
𝛾(𝛼)𝑦 = 𝛽(𝑥 − 𝑙)
University of Illinois at Urbana-Champaign
17
Preliminary Statistics – Regional Networks
17
Spoofed
Authentic
Threshold
Threshold Authentic
University of Illinois at Urbana-Champaign
18
Secondary Threshold Determination
18
Threshold chosen to maximize authentic / spoofed conditional probabilities
Generalized Gamma Distribution pdf:
Authentic:
𝛼 = 1.53𝑐 = 1.74𝛽 = 33.7𝑙 = 20.0
Spoofed:
𝛼 = 1.18𝑐 = 2.69𝛽 = 5.80𝑙 = 13.7
𝑓 𝑥, 𝛼, 𝑐, 𝛽, 𝑙 =𝑐 𝑦𝑐𝛼−1exp(−𝑦𝑐)
𝛾(𝛼)𝑦 = 𝛽(𝑥 − 𝑙)
University of Illinois at Urbana-Champaign
19
Final Statistic – Representative Snippets
19
• U.S. representative snippet matches that of South America
• Snippet at Western U.S. receiver (spoofed) has poor match
ThresholdSpoofed
Signal from
Authentic
Receivers
University of Illinois at Urbana-Champaign
20
Summary
• Proposed hybrid architecture to detect spoofing at each PMU
− Provides a defense against coordinated attacks on regional networks
− Use regionally representative snippets to reduce bandwidth / processing
• Demonstrated algorithm successfully operates on wide-spread
network during government-sponsored, real-world spoofing attack
− Detects signal manipulation on victim receiver
− Simultaneously authenticates other receivers in hybrid network
20
University of Illinois at Urbana-Champaign
21
Acknowledgements
Special thanks to:
Prof. Jade Morton and Mr. Steve Taylor
for collecting data at the Peru, Chile, Colorado, and Ohio sites.
Additionally, thanks to our lab members:
Craig Babiarz, Arthur Chu, Matthew Peretic, and Cara Yang
for assisting with the experimental setup and data collection at the
Illinois site and the Western U.S. spoofing location.
21
University of Illinois at Urbana-Champaign
22
22
Thank You!
Tara Yasmin Mina
Electrical and Computer Engineering
University of Illinois at Urbana-Champaign
Email: [email protected]
University of Illinois at Urbana-Champaign
24
Modeling Communication Delays
• Inherent delay due to overhead, may be different for each PMU
• Given: probability distribution of communication delay between
PMU and PDCs
• Assumption: Each additional delay is an iid random variable for
each PMU in the network
• Can determine CDF of time to receive all snippets from regional
network
23
University of Illinois at Urbana-Champaign
25
Processing Time Required
• Inherent delay due to overhead, may be different for each PMU
• Given: 𝑀 devices in regional network, 𝑘𝑖 satellites observed at 𝑖𝑡ℎ
PMU, 𝐿 servers at central unit each with mean service rate of 𝜇
• Assumption: Poisson process for snippet arrivals, at rate 𝜆
• Utilization factor (fraction of time each server is busy processing):
• Expected time to condition all snippets:
24